PRIVACY POLICY for Ekkofleet
Protecting Your personal information and respecting your choices are MUNIC’s priority.
This privacy policy (the « Privacy Policy ») governs your subscription to and use of MUNIC’s Ekkofleet website (the « Website ») available at the following URL address: https://fleet.munic.io/, and any of Ekko mobile applications (EkkoFleet App, EkkoDriver App, EkkoWorkshop App, each called the App, and collectivety called the Apps and together with the Website, called Ekko) available in Apple or Google application stores as well as associated MUNIC’s products, such as Munic telematics devices, that are used to collect vehicle data. The Privacy Policy governs the collection and processing of your data by MUNIC and any of its affiliates.
Munic processes your data in accordance with applicable data protection laws including but not limited to the EU General Data Protection Regulation (GDPR), and UK GDPR.
Purpose of the Apps and the Website
The Apps and the Website are used for vehicle fleet monitoring purposes. The Webste and EkkoFleet App are typically used by the fleet manager or the owner or lessee of the vehicle, EkkoDriver by the vehicle driver and EkkoWorshop by the vehicle maintenance or vehicle onboarding team.
Purpose of the data processing and use of the Data
Your data is processed according to the terms of contracts executed with you and the organization owning or renting your vehicle that are monitored by Munic altogether “the Contract”.
The owner of the contract decides the purposes for which this information subsequently is used, who will have access and for how long the information is kept. Please refer to the owner of the contract for any additional information. Generally, this will be the owner or lessee of the vehicle or the fleet manager or your employer, each called “the Fleet Manager”.
The fleet manager has decided the various purposes for which the data collected from your vehicle and Ekko will be used, who will have access to it and for how long the information is kept. Please refer to the information provided to you by your fleet manager for this.
Responsibility of data processing
Munic is the data controller for Ekko and your data, and you can contact Munic at following address:
Data controller:
Munic
39 Avenue de Paris
94800 Villejuif
France
ekko@munic.io
Data Protection Officer
dpo@munic.io
1. General Information
By accessing and/or using the Website and the Services, You, either as an individual or a single entity, hereby fully consent to all terms of the Privacy Policy, and to all provisions of the TOU notably terms related to age restrictions
MUNIC, which registered office is located at 39 avenue de Paris, 94800 Villejuif, France, is responsible for the Data collected under the Privacy Policy and acts as the Data Controller of the Data for the purposes of applicable data protection laws.
2. What Data is collected and how ?
Through the Device
For vehicle data access, Ekko is used in combination with a Munic device installed in your vehicle or a link to vehicle data through the Vehicle manufacturer solution – which combines a Vehicle manufacturer device and associated Vehicle manufacturer servers), collectively called « the Device ».
Ekko, through the Device, collects data including personal data that concerns you (collectively the “Data”) such as your trips, driving behaviour as well as vehicle’s technical state, all necessary for MUNIC to (i) perform its obligations according to the Contract and (ii) comply with legal requirements (e.g. invoicing). The Data is continuously collected and sent to Ekko servers operated by Munic through the Device remote communication capability and is stored in these servers, associated with an account under the control of the Fleet Manager.
Once Ekko and the Device is installed or activated in your vehicle, and the Device and the App are configured in accordance with the Contract, typically via the EkkoWorshop App, Ekko will collect the following information through the Device:
- Date, time and location.
- Information that identifies you, your vehicle, your device (in the case of the App) and your smartphone (in the case of the App).
- Information related to your vehicle and how you drive it such as start/stop, odometer, idling time, rpm, speed and speed distribution, distance driven, braking, cornering, acceleration, battery levels and status, engine load, engine throttle levels, cruise control usage, coasting, fuel consumption, fuel level, tire pressure, vehicle battery state of charge and usage, maintenance need and technical status messages issued by the vehicle’s internal diagnostic systems.
- Information for diagnostic purposes such as software versions, device types, power disconnects, and error logs.
- Information such as location and vehicle heading that can be used in the event of an accident or a theft.
Availability of above vehicle information depends on the vehicle and the type of Device installed in the vehicle.
The Fleet Manager is the organization supporting your use of the vehicle or is the owner of the vehicle and can be typically (part of) a fleet management company, a leasing or rental company, a car importer, dealer or manufacturer.
Through the App and the Website
The App and the Website collect information about how you use them and send it to Ekko servers. The usage information collected could contain location information but not any information that you have entered or uploaded.
The App and the Website continuously send data to and retrieve data from Ekko servers – if you allow it to use the internet connection of your smartphone in the case of the App. The App and the Website will report and visualize the collected data in a graphical user interface on your smartphone.
Through the Website
When you navigate on the Website, Data about your computer hardware and software may be collected by MUNIC through the use of cookies. The Data can include: your IP address, browser type, domain names, access times and dates, and referring site addresses.
Uses of your location
Specific location privacy control settings are available to you in the App or in your browser settings, to allow you to enable or disable various uses of location data. Please consult your fleet manager for specific information on this.
When is it sent to Ekko Servers
Data collected by the Device is sent frequently, typically on a periodic schedule such as every minute, plus on specific events such as upon vehicle ignition or movement, ignition off or trip end, or in case of crash or impact detection.
Data collected by the App is sent during the App use, upon user actions such as login/logout, settings, screen change etc.
3. How is Data used ?
The Fleet Manager has decided the various purposes for which the data collected from your vehicle and the Apps will be used, who will have access to it and for how long the information is kept. Please refer to the information provided to you by your fleet manager for this.
Use of Data for legitimate interest according to GDPR
The data may be processed for purposes other than the sole performance of the contract, according to Art. 6 para. 1 (f) of GDPR for example in the following cases:
- To monitor Ekko use and it is secure and safe, and to protect you against fraud or misuse of Ekko, for example through performing troubleshooting;
- To run statistics about habits and use of Ekko.
- Measures for business management and further development of services and products;
- Maintaining a company-wide customer database to improve customer service;
- in the context of legal prosecution
Use of Data according to your consent
If you have given us your consent to process your data, e.g. to send you our newsletters or promotional materials.
Your Apps account
You will receive user credentials for the Apps from the Fleet Manager. Below are best practices and recommendations :
- Change your password upon first login
- Keep your account details confidential
- Use secure and unique passwords
Your account is used to give you access to the data stored on Ekko servers. The information is kept with your account as long as this account exists or for as long as the Fleet Manager decides.
Who receives your Data?
Most of Munic servers are located in the premises of a 3rd party such as a provider of server hosting services as well as internet connection. We use such service providers and others for sub-processing, and we remain responsible for the protection of your data. All processors are contractually obliged to process your data confidentially and to process it only within the scope of providing the service. The processors commissioned by us will receive your data if they require the data to fulfil their respective service. These are, for example, IT service providers that we require for the operation and security of our IT system.
Your data is processed in our customer database. The customer database supports the enhancement of the data quality of the existing customer data (duplicate cleansing, address correction, etc.).
If there is a legal obligation and in the context of legal prosecution, authorities, and courts as well as external auditors may be recipients of your data.
Third party services privacy information is listed below in the Annex.
How long will your Data be stored?
Until the end of the Contract or until the expiry of the applicable statutory retention periods (e.g. applicable Commercial Code, Fiscal Code or Working Hours Regulations); in addition, until the end of any legal disputes in which the Data is required as evidence.
Is personal data transferred to a third country?
Data may be transferred to a third country only if our subcontractor involved into the fulfillment of the Contract is located in such a third country. Typically a server hosting provider has several data warehouses distant from each other in order to ensure redundancy and backup solutions, such data warehouses being located in different countries. Our servers are distributed across several warehouses including in third country. That is in full adequacy with GDPR, with standard contractual clauses, suitable guarantees, and if required according to GDPR, your express consent.
4. Your Data protection rights
You are entitled to access, rectify, object to a processing, correct, and/or ask for the portability or deletion of Your Data, and/or restriction of use, deactivation of cookies and withdrawal of Your consent for a Data processing at any time.
You can exercise such rights by doing so via your personal settings and account information and/or by sending an e-mail to MUNIC’ data protection officer (dpo@munic.io), or by sending a letter to the following address: MUNIC, 39, Avenue de Paris, 94800 Villejuif, France.
Please note that such exercise of rights might be limited for the purpose of the provision of the Services and/or in order for MUNIC to ensure its compliancy to applicable laws regarding book keeping and evidence recording for example. MUNIC will inform You if the case maybe.
You have the right to contact the data protection authority of your country in order to lodge a complaint against our data protection and privacy practices.
Right of access
You can request information from us as to whether and to what extent we process your data.
Right of rectification
You have the right to request us to correct or update your data if we process it incorrectly or in an incomplete manner.
Right to be forgotten
You have the right to request that we erase your data if we use it unlawfully, or if the use excessively infringes on your legitimate interests. Please be aware that there may be factors that delay immediate erasure, such as legal requirements for storage. Regardless of your exercise of your right to erasure, we will erase your data promptly and fully, unless we are legally obliged to keep them. To ensure your right to be forgotten can be persistent, we will continue to process a key identifier such as an email address.
Right to restriction of processing
You have the right to request that we limit the processing of your data if
- you dispute the accuracy of the data, for a period that allows us to verify the accuracy of the data.
- the processing of the data is unlawful, but you refuse to have it deleted and instead demand a restriction on the use of the data,
- we no longer need the data for the intended purpose, but you still need the data to assert or defend legal claims, or
- you have objected to the processing of the data.
Right to data portability
You have the right to request us to provide you with your data that you have provided to us in a structured, common, machine-readable format and that you may transfer such data to another responsible party without hindrance from us, provided that we process this data on the basis of a revocable consent given by you or for the fulfilment of a contract between us, and this processing is done using automated procedures. If technically feasible, you can request us to transfer your data directly to another responsible person.
Right to object
You have the right to object to data processing at any time, if we process your data based on legitimate interest; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.
Right to lodge a complaint with a supervisory authority
You have the right to complain if you are of the opinion that we are processing your data in violation of applicable data protection laws, to which we request that you contact us so that we can clarify any questions via the contact information in this policy. Naturally, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision. If you wish to assert any of the above rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.
Right to withdraw consent
If we process your data based on consent, you can withdraw this consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
7. Amendment of the Privacy Policy
Any changes made by MUNIC to the Privacy Policy in the future will be posted on this page and, where appropriate, notified to You by e-mail. Please check back frequently to see any updates or changes to the Privacy Policy.
Annex: Third Party services privacy information:
Third Party | Service | Type / Scope of processing | Purpose / Legal Basis | Storage Duration |
OVH Cloud | Server hosting | We use OVH Cloud as our server hosting provider. The servers involved in the processing of your data are hosted in OVH Cloud Data Warehouses. | Contract execution / Legitimate interest. | Contract duration. |
Google Analytics | We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of visits to our website, subpages visited and the time spent by visitors. Google Analytics uses cookies and other browser technologies to evaluate user behaviour and recognize users. This information is used, among other things, to compile reports on website activity. | The use of Google Analytics is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR. | The specific storage period of the processed data cannot be influenced by us but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytic: https://policies.google.com/privacy. | |
ODOO | ODOO Suite of apps : ODOO CRM, Accounting, invoicing, Sales, Subscriptions, Email marketing and inventory. | We use ODOO suite of Apps from ODOO, Louvain-la-Neuve, Belgique, to manage our customer data, automate processes, analyze data and insights, and create personalized customer experiences. | The use of ODOO is based on your consent in accordance with Art. 6 para. 1 lit. f. GDPR. | The specific storage period of the processed data cannot be influenced by us, but is determined by ODOO. Further information can be found in the privacy policy for ODOO: https://www.odoo.com/privacy |
HaynesPro | Cars – WSD Maintenance (WorkshopData) from HaynesPro, Leusden, The Netherlands. | We use HaynesPro WSD in order to retrieve vehicle description from vehicle VIN (Vehicle Identification Number), such as vehicle Make, Model, Year service schedule. | Contract execution / Legitimate interest. | The specific storage period of the processed data cannot be influenced by us but is determined by HaynesPro, part of Infopro Digital. Further information can be found in the privacy policy for Infopro Digital :https://www.infopro-digital.com/data-protection/eng/ |
AAA Data | Sivin from AAA Data, Paris, France. | We use Sivin in order to retrieve vehicle description from vehicle VIN (Vehicle Identification Number), or plate. | Contract execution / Legitimate interest. | The specific storage period of the processed data cannot be influenced by us but is determined by AAA Data. Further information can be found in the privacy policy of AAA Data: https://www.aaa-data.fr/politique-de-protection-donnees/ |
OpenWeather | OpenWeather API from OpenWeather ltd, London, the UK. | We use OpenWeather to retrieve weather information along routes and at vehicle locations. | Contract execution / Legitimate interest. | The specific storage period of the processed data cannot be influenced by us but is determined by OpenWeather ltd. Further information can be found in the privacy policy of OpenWeather : https://openweather.co.uk/privacy-policy |